| ||||||||||||||||||||||
Ubuntu alert USN-1117-1 (policykit-1)
========================================================================== Ubuntu Security Notice USN-1117-1 April 19, 2011 policykit-1 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 9.10 Summary: Local users could gain root access by using the pkexec tool in PolicyKit. Software Description: - policykit-1: framework for managing administrative policies and privileges Details: Neel Mehta discovered that PolicyKit did not correctly verify the user making authorization requests. A local attacker could exploit this to trick pkexec into running applications with root privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.10: libpolkit-backend-1-0 0.96-2ubuntu1.1 Ubuntu 10.04 LTS: libpolkit-backend-1-0 0.96-2ubuntu0.1 Ubuntu 9.10: libpolkit-backend-1-0 0.94-1ubuntu1.1 After a standard system update you need to reboot your computer to make all the necessary changes. References: CVE-2011-1485 Package Information: https://launchpad.net/ubuntu/+source/policykit-1/0.96-2ub... https://launchpad.net/ubuntu/+source/policykit-1/0.96-2ub... https://launchpad.net/ubuntu/+source/policykit-1/0.94-1ub... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security... (Log in to post comments)
|
||||||||||||||||||||||